Reply to Prof. Sears' rant against free speech defenders

Updates below.


Here's a quickly-assembled response to this interesting Twitter thread, by a Matthew A. Sears, professor of Classics and Ancient History at the University of New Brunswick. When classics professors say the sorts of things he did early morning on April 28, I think a response is in order.

(I'm not responding on Twitter, because I don't do politics on Twitter anymore, and that's because it's the wrong medium for long-form thinking. Political discourse is better when it is beyond tweet length.)

Dear Prof. Sears,

In this reply, I'm going to go tweet by tweet and unburden myself of some replies. Let's get right to it.

We should name every white supremacist. Name every writer, blogger, YouTuber, and politician that inspires them. Plaster their faces in public. Fire them from their jobs. Hound them from restaurants. Expose them and those that fuel them for the hateful pathetic wretches they are.
source

When you use the phrase "white supremacist," I seriously have to wonder whether you mean, well, me. I'm a libertarian, and I defend free speech. The problem here is that the phrase "white supremacy," which once was understood to mean the sick world view of bona fide KKK members and Nazis, has come to be applied to the mere fact that white people are unjustly "privileged" by their race. Actually, the phrase was "white supremacism," referring to a set of beliefs (an -ism). As it became increasingly unacceptable to progressives that white people enjoy unjust advantages, this fact came to be called "white supremacy," which is very close to "white supremacism." Then the "clever" progressive idea was that anyone who isn't as outraged by this unjust advantage is a white supremacist (the phrase you used).

When the left started saying, in 2015 or so, that white supremacy was suddenly once again a growing trend, I didn't notice any such trend. I did notice the trend of talking about the trend, though. I thought it was weird, and I wondered what the left was up to. I don't think there are more people today who seriously hold racist views than there were, say, 10 or 20 years ago, let alone 40 or 50 years ago. I think that on the left and the right, there is more actual racial, ethnic, and religious tolerance in the West than there ever has been in the history of the West. Perhaps this progress (and I agree: it really is progress) isn't fast enough for the left. But more likely it is the case that the left saw the increasing consensus that bigotry really is an awful thing, and it struck them as a wonderful opening to accuse their opponents of being intransigent bigots.

Anyway, if it were true that there were massive numbers of white supremacists—say, all or half or even a quarter of the people who voted for Trump (in historical terms, that really would be a massive number of people)—then I might agree with you, Prof. Sears. Then I, too, might say, "My God, look at how prevalent bona fide white supremacy is becoming. We've got to do something about this. Let's try shaming them!" I really hate racism, too, and, you know, shaming can work, at least if the shamer and the shamed have some values in common.

But it's not true; there aren't massive numbers of white supremacists out there. They remain probably less than 5% of the population (maybe less than 1%; what the percentage would be would, of course, depend on how you define and operationalize the term). Anyway, the only way you can conclude that the rise of "white supremacism" (that -ism again) is a problem is if the vast majority of the people you want to call "white supremacists" actually do deserve to be called "white supremacists." Of course they don't deserve that epithet, I think, and the vast majority of people outside of the radical left think so too. You make it sound as if most or all Trump voters are white supremacists; in other words, about 25% of eligible voters in the U.S. That probably sounds plausible to you. But again, it doesn't to me, and it doesn't to the vast majority of people outside of the radical left. The suggestion is just bizarre.

So maybe you can see why it would be alarming to me and to many other people who might find themselves lumped in, by you, with cross-burning, swastika-wearing fascists. This is utterly bizarre for a classics professor to say. If the classics professors, of all people, are now saying we need to shame Trump voters for being white supremacists, hound them from restaurants, and get them fired, then the real problem lies with unhinged leftist agitators, not with any white supremacists who actually deserve to be called that.

And that includes every vile little shitlord in a campus "free speech" club who spends his time platforming white supremacist trolls under the banner of "free speech," and every grifting liar that goes on about campus "censorship" and the "marketplace of ideas."
source

What a thing to say. My first reaction is this. Sir, you are a professor. When I was teaching college, I would never, ever have called any of my students, singly or collectively, no matter what I thought of him, a "vile little shitlord." What an appalling thing for a professor to say about his potential students. How dare you?

Like it or not, this reveals that you simply cannot be trusted to teach those students who would join free speech clubs. When I was a grad student, I was in a libertarian club. If I were a student today, I'm pretty damn sure I'd join a free speech club. I sure as hell wouldn't want to take a class from you, though, after reading these tweets, even if your research interests and papers do look very unwoke and ideologically un-edgy.

Since the appearance of actual white supremacists on campus is a rare occurrence indeed, the person "who spends his time platforming white supremacist trolls" is, one can only conclude, simply any member of a conservative and libertarian club (that invites speakers).

This says far more about you than it does about any person you're inclined to dismiss (and, indeed, dehumanize) as a "vile little shitlord" or "white supremacist troll" or "grifting liar." What it says is that not only do you dislike the right, i.e., anyone who advocates for conservative or libertarian ideas you disapprove of; not only are you personally intolerant of them; not only are you willing to say so publicly; but, beyond all that, you are a classics professor at a state university who passionately urges every "woke" person to shame, fire, hound, insult, and probably drive away from your university pretty much everybody on the right. And that they deserve to be called "white supremacists," which is pretty much the worst thing that you can think of to say about a person.

How on earth can a classics professor think this way?

Did you ever believe in free speech? If so, when did you stop believing that the right should have it? Don't you see any connection at all between free speech and intellectual tolerance? How on earth can you be a teacher of classics and and fail to see the value in being confronted with ideas that are deeply antithetical to your own? After all, left-wing intellectuals study Mein Kampf and conservative intellectuals study Das Kapital; all intellectuals in liberal countries like Canada should be able to recognize the importance of remaining open to serious discussions of ideas opposed to their own. That's precisely why many of us are wringing our hands about free speech and censorship on campus. People who called themselves liberals were not long ago the biggest defenders of free speech, and their ideological inheritors are now, amazingly, some of its biggest opponents.

(It's hard for me to wrap my mind around the thought that some of the censorious progressives might actually have been themselves open-minded, tolerant, free-speech advocating liberals not so long ago. How does that happen?)

And if there's a political party that attracts the pepe the frog and "white genocide" crowd, that party should be called out - including by the mainstream press - as a white supremacist party that helps to create the environment in which Jews and Muslims are murdered.
source

The people who fear a white genocide because they fear the white race being extinguished are, I'll grant you, pretty damned problematic. Some of them really are white supremacists. But not everyone who worries about the decline of Western civilization—say, readers of National Review or students of Hillsdale College or, maybe, a few of your strangely quiet classics students—would feel comfortable couching their worries in terms of "the white race."

Similarly, a lot of the young fools who think it's funny to post memes featuring Pepe the Frog are not white supremacists. Some of them are black, or of other ethnicities. They post the memes to have some fun at your expense and get your goat, which they clearly have done. Young people really enjoy having fun at the expense of their self-important elders.

Now, you "wonder" if there's a political party that goes in for Pepe and the "white genocide" theory; clearly, you think there is one, and it's the Republicans; and "that party should be called out...as a white supremacist party". This is weird, though. It's like you're in the middle of the religious wars in Europe, in a place where there are approximately equal numbers of Catholics and Protestants, and you say it's time to "call out" your religious enemies. What does that even mean? That everyone on your side should say everyone on the other side is the worst thing you can think of, a "white supremacist"? And say it over and over again? Is that what a mass calling-out of one side by the other side would look like? What effect do you suppose it could possibly have?

And you're a classics professor, saying this. You will never live this down, Prof. Sears. Well, either that, or society will move inexorably toward some sort of weird, new kind of civil war, in which your views will become the new norm. That after all seems to be what you're advocating.

Because if there really are such things as "Canadian values" or "civilized values" like these dog-whistlers keep blathering on about, those values should include calling out white supremacy and calling BS on claims of "irony" or "debate" regarding racist memes and ideas.
source

"Dog-whistlers" indeed. The implication is that one can't loudly and earnestly advocate for free speech sincerely, or to worry about the decline of things like, I don't know, the classics, because it's really just code (a "dog whistle" that the left seems particularly good at hearing; go figure) for white supremacism.

Anyway, no. It isn't a civilized or Western value (by now, maybe it's a Canadian value, eh?) to agitate for what amounts to civil war, putting everyone from one ideological camp at the throats of everyone from the other. That's not a Western value. The Enlightenment values that you, Prof. Sears, ought to stand for as a professor of liberal arts, definitely include such things as free speech, intellectual tolerance, and a little thing you might have learned once as an undergraduate but have clearly long since forgotten, namely, the principle of charity.

People are dying. And if opposing the environment in which people are dying means that some MAGA-hat- wearing wanker doesn't feel "comfortable" on campus or out in public, then so be it. Because that wanker makes it his life's work to make the marginalized feel unsafe.
source

Look. I don't know if there have been more attacks on Jews (by Christians) or on Muslims (by Westerners) than there were, say, four years ago, before Trump. I'd like to know, but coming to a fair judgment on such a freighted question would be difficult indeed. Let's suppose the attacks have increased; even then, I still wouldn't know if any part of the cause of such a problem is the election of Donald Trump. I wouldn't rule it out. But, again, coming to a fair, unbiased judgment would be very hard.

Here's something I do know. It is extremely unconstructive to tar people who are merely, as they have for generations, defending Christian and Western values, and who really are capable of loving people of all races and religions, with the brush of "white supremacism," or to blame them for and lump them in with mass murderers. I would of course say the same thing to any right-winger who attempted to smear all of the left with crimes committed by leftists. In both cases, I would say that's a ridiculously bigoted and actually dangerous thing to say. It's very similar to the sort of thing we used to take bigots to task for, when we were growing up in the 1970s or 1980s, when those bigots implied that black men were all bloodthirsty killers. It's profoundly unjust to blame all members of a group for the crimes of some unhinged members of the group. Don't you agree, Prof. Sears?

The problem here is that somebody wearing a MAGA hat, or complaining about campus censorship, inspires two extremely different reactions. To the Trump voter, the hat is a declaration of allegiance to Trump's outlook, candidacy, and policies. For them, it's not unlike a bumper sticker or a yard sign or a political protest—it ought to be fairly innocent. But to the left, owing to breathless screeds such as yours, it has become a symbol almost as bad as a swastika or a burning cross.

When a conservative sports the hat, not only do you conclude the person is a "white supremacist," it really freaks you out that the person actually feels empowered to wear the hat. He shouldn't feel comfortable wearing it, you say, because it means—well, it means exactly what you say it means. It means he's a wanker who is a white supremacist. You don't take his self-interpretation seriously. It's like Pepe—it can't possibly be ironic because it means what you say it means.

Don't be a useful idiot. And don't think for a second that these people are actually interested in "debate."
source

In other words, don't practice political tolerance. Doing so makes you a "useful idiot." The smart people are all intolerant, like Prof. Sears.

Of course, if you actually sit down with plenty people outside of the radical left and talk to them about the issues of the day, from immigration to free speech to socialism, you'll find that they really are interested in debate. Many of us actually thirst for good debate, because honest, fair-minded, charitable political debate is so goddamn rare today.

Prof. Sears, you are clearly projecting when you say these people aren't interested in debate. You just got done with an unhinged rant in which your main point is that these people aren't worthy of the respect needed to have a sensible debate. It's true of you, not them, that you aren't actually interested in a debate with your opponents. You want to shut them down, shame them, get them fired, and probably get them expelled. After all, why on earth would you want to debate anyone so inhuman as a "white supremacist"?

--Larry Sanger


UPDATES (5/3): Matthew Sears has since removed the tweets, which makes me rather glad I quoted them rather than embedded them below. Newsweeknoticed the tweets, and even quotes me in response. By the way, the tweets of mine that Newsweek quoted are gone, mainly because I've vowed not to use Twitter for politics other than to support and defend my blog posts. I removed them myself. Who knows, maybe Matthew Sears felt the same. Or maybe he was shamed into removing them. I doubt we'll ever know.


How I securely sync my passwords (and why you should, too)

With a uber-geeky bonus: How I synced my Enpass passwords over my Synology NAS using WebDAV

You need a password manager that syncs

Let's begin with what I hope will be a useful review.

You should be using a password manager. What's that, and why? A password manager simply holds all your passwords and makes them easily available to you. You need one because (a) you need to have strong passwords, or else your web accounts (which can contain really sensitive info) can be easily cracked; (b) passwords, to be strong, must be different on every site and very complex (and so hard to memorize); (c) you can't possibly memorize that many strong passwords; (d) copying and pasting passwords from some plain-text repository, let alone typing them in, is a pain nobody needs.

Password managers solve all these problems for you. They (a) check that your passwords are strong; (b) make it super-easy to generate strong new ones; (c) make them all available if you simply memorize one strong password; (d) auto-fill your passwords in forms on all your devices.

But in our multi-device lives, there's yet another problem: you need to sync your passwords across your desktop, laptop, and mobile devices. It's a royal pain, isn't it? Of course it is. How do you do it? Well, let's talk about some suboptimal solutions, to help explain why I went to some rather great lengths.

You could shuffle a document back and forth between devices, e.g., by email or a messenging app. But that's a royal pain.

If you're more clever, then you'll have a single document that is accessible using all devices. For example, maybe you keep yours in a Google Doc. That would be a bad idea, because Google employees could easily see your passwords, and if anybody else got a hold of the document, they can just make a copy and you'd be none the wiser. You really need an app, not a document.

This is why password managers apps work on computers as well as handheld devices, on multiple platforms. The one I use, Enpass, is open source software (UPDATE: oops, no it’s not: https://discussion.enpass.io/index.php?/topic/210-open-source/) that works on pretty much every consumer platform. But how do the passwords get synced? Each instance of the app, on your different devices, has its own copy of your password data. Well, the even cleverer solution then is to sync your passwords "in the cloud." The password manager software company will hold your passwords for you, as a service, on their servers. That's "the cloud" in action. Then, if you're on your desktop PC and you update your password manager with a new password, the change is quickly reflected on your phone, where you can use it quite easily. Neat!

Your password manager should use zero-knowledge encryption for syncing, at least

Here's the thing. The cloud is kinda evil. I know that's a cranky sort of thing to say, but I'm getting old and therefore I'm permitted to say cranky things.

I am only slightly joking. The evilness of the cloud is actually rather well demonstrated by the situation with password managers.

Suppose your passwords are sent, via an encrypted connection, to the company's servers. Suppose they're even encrypted there, making it especially difficult for anyone to hack your password collection. But you still have to trust two things: the honesty of the password management software company, and their own security practices, which ensure that external forces cannot hack into their (encrypted) database.

There's a very cool bit of tech you can look for in password managers that solves the latter problem very handily: zero-knowledge encryption. Basically, the company stores a completely encrypted copy of your passwords on their servers. They couldn't read it even if they wanted to, because they don't have the key to unlock it. Only you can unlock the data file, because only you have the key. Neat, huh?

(It's called "zero-knowledge," obviously, because the company doesn't know anything about the information stored on their servers. They know it belongs to your account, but that's it. All cloud services should use zero-knowledge encryption, but very few do. Ask yourself why they don't.)

Now, this is probably adequate security for most people. But it's not good enough for me. I don't want the password manager company to touch my passwords. They're very valuable, right? You still have to trust the company; there's all sorts of things that could go awry, or they could intentionally update the software in a way that would undo the encryption. (Or maybe just for select users that the government asks to spy on. If I lived in China or Saudi Arabia or were a spy or government whistleblower, I'd worry a lot about this.)

Use FOSS and self-host, if you want to be an uber-geek

One of the great things about FOSS (that's geek-speak for "free, open source software") is that nobody has ultimate control over it, because anybody can fork it, i.e., make their own copy and take development in a different direction. That's because the license specifically permits that, and the development happens all out in the open. If the project is big enough, then there are at least several (sometimes, hundreds of) developers looking at new code being checked in. If somebody checks in something that's dangerous or privacy-violating, the FOSS developers (a notoriously privacy-jealous bunch) will put a stop to that noise in short order.

So if you want to use zero-knowledge encryption in your password manager, great, but make sure the software is FOSS, because then it becomes even harder for people to play tricks with the software.

You know what would be even better, though? If you never have to transfer your encrypted password file to somebody else's server in the first place. In other words, host it your own damn self.

But how, you ask? Well, there aren't very many solutions that are available to the non-geeky. In fact, I'm fairly sure all of the self-hosting solutions push the needle fairly high on the geekometer.

If you want to self-host and you want your password database to be accessible to all your devices, regardless of where you are, what does that mean you have? A server. There are a couple ways to set up your own server.

One is to use your desktop computer (or even an old laptop) and plan on leaving it on all the time. You could install NextCloud on the machine, which transforms it into a server. Like, wow, that's cool. If you're a geek. But because geeky things are now cool, that's just cool, period.

Another is to use a NAS, or some other dedicated server, i.e., a computer that is specifically set up to talk to other computers over your LAN (local-area network; your home or office network) and over a WAN (wide-area network; here, the Internet).

Bonus: How I set up my Enpass passwords to sync over my Synology NAS using WebDAV

I ended up choosing a NAS over installing NextCloud on my desktop. I further chose a Synology NAS. This evening I finally decided to sit down and start hosting my passwords on my NAS. How?

I'm not going to give you all the steps in detail.

(1) You need to get an SSL certificate for your server, i.e., the thing that allows you to use https: and not just http:. Why? Because you'll be using WebDAV to update information on your NAS, and WebDAV (being an Internet protocol) needs to be made more secure by encryption. While your data should be encrypted by your password manager, another layer of encryption is important. So get this done. By the way, Synology comes with a self-signed certificate, which will make Enpass complain. You'll have to check a box saying that you want to ignore this complaint. But you shouldn't do that.

By the way, if you don't have a permanent URL for your NAS (for this, you'll have to use DDNS), you'll have to solve that problem first. You can't use an IP address.

2. Set up a WebDAV server on your NAS. In other words, a server process on your server device. WebDAV, as Everipedia puts it, "is an extension of...HTTP that allows clients to perform remote Web content authoring operations." In other words, it allows software to update data files remotely, if the software is given permission and the data files are set up to be updated using the protocol.

On my Synology device, the steps I followed are these (great tutorial here):

  • Install the WebDAV Server package, located in the Package Center.
  • Open the WebDAV Server interface, enable both HTTP and HTTPS, and assign them the ports 5005 and 5006, respectively.
  • Create a 'webdav' user (see the above-linked tutorial for important details; make sure you get the permissions stuff right).
  • Create a 'webdav' group as well (ditto).
  • Create a 'webdav' or 'upload' (or whatever) folder. You'll specifically need to grant read/write permissions to the 'webdav' user for that folder.
  • To confirm that your new webdav user can use the folder, drop a picture, say kitten.jpg, into the webdav folder. Then go to https://your.nas.address:5006/webdav/kitten.jpg. Note: use https, not http, use the '5006' port number, and use the name for the directory you created before. If, when you try to pull that address up in a browser and you're prompted to log in, groovy, you're halfway there. Then put in your webdav user credentials (not your admin credentials), and you should be able to see the picture. If you can, coooooool. Again, the above-linked tutorial has other things you can try to confirm your connection.
  • Next, open Enpass (or another password manager that supports WebDAV). In Enpass, go under the gear menu > Vaults > Primary (or whatever you want to sync via the NAS). Then you'll be able to choose from a number of sync options. Choose "WebDAV". You'll next have to put in your 'webdav' user authentication info, and for the address, you'll want to use the address given above. I further made an Enpass directory inside that, and tacked that onto the end of the URL, so I got something like this: https://your.nas.address:5006/webdav/Enpass/. This is important to get right. Then press "Connect" try it out. With luck, you'll be connected.
  • To test that things are syncing, open a copy of the password manager on a different device and repeat the previous step. Make a small change in one copy, press the sync button/icon in the upper left (which has changed to a "server" icon, which I thought was a nice touch), go to the other copy, press the sync button there too (because you're impatient), and then see if the change is reflected in the second copy. If it is, you're done.

That's how I got it to work. And now...all my password info (and a lot of other data) is out of the public cloud, in a private cloud consisting just of my family's devices. Pretty freaking awesome.


The NAS revolution: Get your data out of the cloud

It turns out the cloud is kind of evil. We blithely put all our data online, right in the hands of giant corporations (and by extension, hackers and governments) who only too happily control, sell, datamine, steal, and spy on it. But you can take control of your data. Now. Here's how.

When most people hear "the cloud," if they have any inkling of what it means, they think of Dropbox, Google Drive, and other file storage and synchronization services of that sort. But if you're hip to the scene, "the cloud" extends to any service that manages your personal data online. The emphasis is on personal data. The cloud, rather than a device of yours, stores data like your calendar (as hosted by, say, Google Calendar) and contacts (as hosted by, say, Apple's iCloud) as well.

If you're a typical plugged-in Internet user, "the cloud" in general manages a stunning amount of your data:

  • Document storage and sync: this includes all the files you might have put in Dropbox, Google Drive, Google Documents, iCloud, Box, Amazon Drive, or Microsoft's OneDrive.
  • Email: Gmail is the 800-pound gorilla, of course.
  • Calendar: Google Calendar and iCloud storage dominate here.
  • Contacts and address books: Google, Microsoft, and iCloud.
  • Online photos: Instagram, Facebook, Google Photos, Flickr, iCloud, and Dropbox all have cloud solutions for sharing your pictures with friends and family.
  • Home video: Facebook and YouTube are probably the main ways we have of storing and sharing our videos with family and friends. There are other options, of course.
  • Movies/TV shows: If you paid for commercially-produced videos that you own the digital rights to, they're in the cloud. This is the direction Apple, Amazon, and YouTube, for example, want you to move in.
  • Notes: Your phone's note-taking app, etc.: iCloud, Evernote, OneNote. The home of your note data is in the cloud, not on your machine.
  • Password apps: Your browser's password saving + sync feature uses the cloud, as do Dashlane, LastPass, 1Password, Enpass, etc.
  • Bookmarks: Your browser (Chrome, Firefox, others) probably syncs your bookmarks for you; the bookmark data is in the cloud.
  • Chat: Yes, chat isn't just a social media type of app. It's also a cloud app for use by private consumers dealing in small groups or one-on-one. If you're like me, you have private chats not just with random strangers, but also with family and friends. Insofar as this data can be presumed to be highly private, it's also "in the cloud" and not just "online."
  • Your blog: If you used to host your own blog, but now write for Medium, Quora, Blogger, Tumblr, WordPress.com, or some other blogging platform, then your blog is now "in the cloud," hosted alongside a zillion other blogs. That goes for web hosting in general, too.
  • Code hosting platforms: If you check your code in on Github or Gitlab, or run it on Digital Ocean or Heroku, your code is in the cloud.

Look at that list, and consider: an amazing amount of our computing is out of our immediate control.

There are two perfectly good reasons for this. First, we own multiple devices and we need to share and sync data among them. We also want to be able to share data with friends and family more easily. But, because this involves networking, it is a much more technically difficult problem for programmers to solve than simply writing desktop software. Since networking and sharing are already done via the Internet, it just makes sense for sharing and syncing services to be coordinated by Internet companies.

Second, simply letting centralized corporate services handle this data coordination is terribly convenient—that's hard to deny.

The necessity of sharing our data, coupled the undeniable convenience of the cloud, sure make it look like the cloud is going nowhere. I mean, what are you going to do, host your own calendar, home videos, and chat apps? How will you sync the data? That's a non-starter for non-technical people. Why not just let the professionals handle it?

But it so happens that, now, you can host your own stuff. How? I'll explain. But first, let's talk a bit about why you might want to host your own stuff.


We are increasingly suspicious of various cloud services, and we should be. It's not just Facebook selling your private chats with Netflix and Spotify, or Medium dictating what you can write in your blog, or Google datamining student data in the cloud—to take a few rather random examples. The events of the last couple years have brought home to many of us some truths we simply didn't want to believe.

What kind of truths?

The vast majority of the cloud services listed above are run by for-profit businesses who naturally place their profits above your interests.

Your data, for them, is an asset. Many cloud companies crucially depend on the ability to exploit data assets. They will sell your data if they can. If they can't, they'll datamine it and sell information about you.

You agreed to that.

You are, like it or not, a participant in many large, standarized systems. Therefore, even though you simply want to use a basic service, if you don't play by their rules, they can control or even block you. Moreover, you probably can't customize the service too much for your own uses. The service providers make the choices for you. You have to go with the flow.

Search and subpoena laws, censorship laws, and government regulations apply to corporations that do not apply to you, the individual. That means information you put in corporate clouds is under the watchful gaze not just of those corporations but also of governments. If you're lucky, you live in a country that respects privacy and free speech even when your data is on a corporate server. But don't count on it.

The reason so many violations of your privacy (something most of us should be a lot more hardcore about) have come to light is that so much of our data is in the cloud now, and a lot of people in business just don't care very much about your privacy. When will Google start using zero-knowledge encryption for all your data that they store? Never. They want access to your data. They need access to your data. It's their business.

Sorry, but them's the facts.

What can we possibly do? Are we at their mercy? Should we, perhaps, trust governments—who also want access to all your data, for your safety—to monitor, regulate, and improve the situation?

But you can take back your data. Now. And if this is news to you, let me admit to you that it was news to me a few months ago when I first heard about it: you can install and manage your very own personal cloud for every single one of the cloud services listed above. And it's not expensive. And it's not that hard to do.

I know it sounds bizarre. It is bizarre, but it's true.


A NAS, or network-attached storage device, was once thought of mainly as a hard drive (or several) attached to your network. But as NAS vendors began selling devices with their own operating systems and Internet connections, the term was repurposed to mean your very own turn-key server. Turn it on, put your stuff on it, and you can access your personal data from anywhere.

NASes are easy to use, but "turn-key" is not quite right. No NAS on the market, that I know of, is as easy to start using as a regular computer is. Getting one up and running takes some time; there is, as they say, a learning curve. But "turn-key" does get the flavor of the most popular NAS brands. The NAS devices for sale by Synology and QNAP especially, and others to a lesser extent, are intended to make it easy to have your own server, or your own "cloud." In fact, Western Digital (WD) sells NASes under the brand name "My Cloud" and markets them as "personal clouds." There's a bit of challenge, but it's not that hard to set these things up (more details below).

The reason to get a NAS, for me—or to get any personal server—is to replace all the software that has moved to the cloud. In case you're skeptical, let me give you a rundown. While I'll be talking about the NAS I just installed for myself and my family, which happens to be from Synology, there's an equally well-reviewed NAS system available from QNAP, and for those who have more technical skill, NextCloud (perhaps on a FreeNAS machine you set up) does many of the same things.

Let's just go down the list I gave above.

  • Document storage and sync. I now have an app that can sync documents on at least eight of my family's devices. I can update the document on my desktop, and if I save it in the Synology's office format, I can edit it directly in the browser, with changes showing up for other users in real time, just like Google Docs. There are documents, spreadsheets, and slides. Chat with other user accounts on your NAS (for me, my family members) is available in every document. This is available everywhere, because it's truly in the cloud. It's just that it's your cloud.
  • Email: You can host your own email on a NAS, if you want to go to heroic lengths that I don't recommend. Like web hosting, this is something you probably should leave to the professionals, for now. I have a feeling this is going to change in coming years, though.
  • Calendar: There's a rather nice app for that.
  • Contacts and address books: It's not "turnkey" yet. But something is available.
  • Online photos: Synology's Moments app automatically syncs your pictures with your camera, identifies people (without sharing data with Synology), uses (stand-alone) sophisticated algorithms to put pictures into categories, etc. Again, the pictures are available for quick and easy download from anywhere, and you don't have to worry about Dropbox or Google or whatever snooping.
  • Home video: Ditto—Moments works fine for this, but so does Video Station. Easily share your home movies with grandma, right from your own machine.
  • Movies/TV shows: Rip all your DVDs and Blu-Rays, then stream them anywhere (to your phone, tablet, computer, or TV) with an interface that looks a lot like Netflix. No need to rely on Apple or Amazon to keep digital copies of your movies for you. Wouldn't you much rather own and serve your own copies? I know I would.
  • Notes: There's an app for that, both for browsers and for your phone.
  • Password apps: Use your NAS's WebDAV server to sync your password data on your own machine; WebDAV is something that Enpass, for example, supports.
  • Bookmarks: Synology and QNAP offer no solution yet, but Nextcloud (which can be run on both) does.
  • Chat: There's a pretty awesome app for that; it closely resembles Slack. There are decent clients for browser, desktop, and mobile, again just like Slack.
  • Your blog: NASes allow you to host blogs and simple websites using your choice of platforms, such as WordPress, Drupal, and Joomla. I'm not saying I recommend this, though; your machine would have to be pretty beefy to handle the traffic you want to get. Server hosting for your blog is another thing that's best left to the professionals. But it's pretty damn cool that you could use a NAS for this.
  • Code hosting platforms: Would you rather not check in your code publicly or on an external server at all? Want to keep it to yourself but continue to be able to share it with people and use Git? There's an app for that. You can also host more advanced websites with many popular programming languages (including Ruby, which I use).

A NAS (which, again, comes in many brands, not just the one I happened to buy) can do all that for you. It's pretty awesome.

But maybe this shouldn't be surprising. After all, a NAS is a fully-functional server, and web hosts now bundle all sorts of turn-key (that word again) software solutions and make it available to their clients. So if you go to GoDaddy or Inmotion Hosting or whatever, they offer all sorts of complex software available to install at the press of a button. Why not slap similar software bundles on a server and sell it to the ordinary consumer? That's what NASes do. (And again, for reasonably skilled IT professionals with time on their hands, they can more easily than ever create their own real servers, which are typically much more powerful and cheaper than NASes. With a proprietary NAS system like Synology, you pay a lot for integrated software, ease of use, and support.) Then just think: insofar as cloud services are, essentially, just putting formerly private data online in the context of a server someone else manages, as soon as consumer web servers became feasible, it makes total sense that you could move your data back to a server you manage.

What do we have to thank for this? The years of fantastic labor by programmers to build and refine all the necessary software layers and scaffolding needed to create something like a "turnkey" solution to running your own server, complete with multiple, ready-made software packages—even if you are nowhere near a professional server administrator.

Put even more simply, a NAS device gives you the power to take control of your own data in your own home. It used to be that we had to rely on the Apples, Googles, and Microsofts of the world in order to connect all the devices we own together, share data with friends, and get the use of common Internet services. With the advent of increasingly easy-to-use NASes, we don't have to. We can declare our independence from Big Tech.


But, you ask, doesn't all this rather awesome software power cost a lot of money? Well, entry-level NAS devices (like this from Synology and this from QNAP) cost less than $200, plus another $80 (say) each for a couple of hard drives. I'm not saying I recommend buying a cheap machine like this, any more than I would recommend buying a cheap laptop. But that might serve your purposes just fine. The point is that these machines are basically computers, so they cost about as much as a computer. The Synology NAS and three drives I got (with space for two more drives whenever I want), together with my fancy new router and modem, cost a little more than my new laptop. (By the way, if you have the time and technical chops to able to set up and maintain a web server with less support, it's easier than ever to do so, and for the same amount of money, you could get a machine that would be much faster and better than my NAS.)

"OK," you say, "maybe it's possible to set up. But how good could it be? I mean, you really think I'll be able to replace my family's Slack group with Synology's chat app? It must be inadequate. Or replace Google Docs with their Office app? That seems unlikely."

Before I saw the capabilities of the systems, that's what I thought, too. Then when I got my own, and started using it (several days ago), the proverbial scales fell from my eyes, and I'm a believer. This is surprisingly solid software. It might have been "bleeding edge" a few years ago, but it's excellent today. The functionality is all accessible via the browser, but there are also a few good desktop apps. It also comes with a lot of excellent iOS apps that you can use to access your NAS's functionality. So far I've installed the photo app (replaces whatever you used to upload your pix to permanent storage and gives you access to all of your pictures, not just the ones currently on your phone), the chat app, the drive app (which is a replacement for both Google Docs and Dropbox), the video app (which allows me to stream videos my boys are ripping from our DVD collection), the notes app (replaces iOS Notes), and the calendar app. So far, I don't see any advantages Slack has over the chat app (just for example). Their collaborative document editing app Synology (Office, installed when you install Drive) is excellent for basic editing, and it seems to be just as good as Google Docs.

"OK," you say, "maybe it's not that expensive, and maybe it's decent quality software. But isn't this a lot of work to install?"

Less than you might think. But it depends on what you mean by "a lot." It takes a few hours, maybe, to turn the thing on, network it with your devices, and get the first services up and running. You'll probably spend more time actually picking the thing out and upgrading your Internet speed as well as modem and router (which is something you'll need to do if you have old equipment). It takes more hours (depending on how much of the functionality of the thing you use) to get the full range of functionality set up—anywhere from ten minutes to several hours, depending on the app. Getting started with Synology's chat app is dead simple, for example, but importing all your pictures might take serious time. A lot of the time I've spent so far has been in migrating data from the Internet and my desktop and backup drives to the NAS.

So, sure, it takes a reasonable time investment. But it is so worth it.

"But," you say, "I'm not a terribly technical person. I can run all the software of the sort you mention if somebody has set it up for me in the cloud, but I can't imagine running my own server."

It's not that bad. Let's just say you need to be a "power user" if you want to do it all yourself. If you have ever set up your own WordPress website, or installed Linux, or registered and pointed a domain name (without help), or done basic programming, then you're up to the task of installing one of these devices without too much help. If you're just a regular computer user, but you have never done anything like that, then installing a NAS might be a bit beyond you. You still might be able to handle it, though.

In any case, I'll bet you know someone who could install one for you if you bought them dinner, or paid them a little. It's not a huge deal. It's not like "setting up your own web server." It's more like "setting up your own home network." It's easy enough for the local geeks to handle.

If you don't have access to a geek, you can hire one.Here's a service, Amazon does it more cheaply, probably Best Buy would do it, some of these guys could do it, etc.


In short, installing and running your own server is today approximately as difficult as computer installation was in 1985, or home networking in 1995, or home theater today. (As it happens, NASes are often purchased as a component in a home theater system.)

The low price and high value of NAS devices, together with their ease of installation, makes me think they're ready to take over the world. I for one am never going back to centralized cloud corporations. I hate them (yes, even Apple), and a growing number of people share my feelings: we absolutely despise the encroachments of those corporations on our privacy and liberty.

Many of us are looking for answers. Many are already doing the sorts of things I listed back in January in "How I'm locking down my cyber-life." In their responses to me there, a few people mentioned they were using their own cloud servers. (Those mentions are what first introduced me to NASes, so please keep up the excellent blog comments!) That struck me at first as being a little too hardcore. Having actually bought and installed a NAS, though, I don't think so. Getting your first NAS is like getting your first computer back in the 80s, or your first smartphone in the 00s. You might have had to wrap your mind around it. It causes a bit of trouble. It requires some getting used to. But probably, you'll forevermore have a computer and a smart phone.

The consumer potential of NAS devices strikes me as being potentially similar. Maybe it will become the sort of device that will seem indispensable in 10 or 20 years. I imagine a conversation with a future child, looking back at the cloud era of 2005-2025:

Child: "How could we ever choose to just give all our data to giant corporations? It was so insecure and allowed mass surveillance by government. Were people crazy?"

Greybeard: "Sort of, but you can't really blame us. During that time, the software for NASes wasn't developed well enough yet for ordinary people to run their own servers. But once a few companies started really nailing it, everybody started buying their own NASes, because it was easy. The people who kept using Gcal, Dropbox, Google Docs, Instagram, etc.—well, if you were as old as I am, you'd know what these are—those people started looking uncool. All the cool kids were serving their data themselves."

Child: "Like everybody does now?"

Greybeard: "Yes, like everybody does now."

That could happen. But is it realistic? Time will tell. Sure, it's possible that owning your own cloud server will forever be the domain of geeks. But an industry analysis from a year ago says we're moving in that direction:

The NAS market is witnessing an accelerated growth and is projected to register robust [20%] growth over the forecast timeline [to 2024] due to the rapidly increasing applications of Big Data analytics & data mining, increasing popularity of NAS solutions in home/consumer applications, and the growing adoption of cloud-based network attached storage solutions.
Global Market Insights, May 2018


In the struggle against privacy incursions, we have tools beyond NASes, of course. In fact, I see two other, concurrent trends that will allow us to fight back. There is the growing demand to own your own data and decentralize social media. (I was writing and speaking a lot about that in the last few months, but don't think I've dropped the issue.) And there is, of course, the massive, revolutionary impact of blockchain, the essential effect of which is to disintermediate economic relationships. Being all about encryption, the blockchain world holds out the promise of a new kind of secure, private, encrypted cloud computing.

Allow me to speculate about how the Internet might work in ten or twenty years.

Many of us (I imagine someone saying, a few decades hence) have installed a NAS or, if we're geekier, have a server rack at home. Pretty much all small businesses run their own NASes as well. From these devices, we serve most of the data that was formerly held by Google, Apple, Microsoft, etc. Many of us even run our own mail servers, both because it's more secure and because the software and industry standards have improved so much that it became feasible. Our blogs are also hosted at home; the shift came with NAS tools that made it dead simple to transfer data and settings from remote servers to our local one.

Of course, some of us hit the big time with our blogs and websites. But they are still run from home. This is not something we could possibly have imagined in 2010. At that time, no one even imagined the implications of distributed computing on the blockchain, of which EOS was an early supporter. Whenever we update our NAS, it communicates with various blockchain services using zero-knowledge encryption. This shares out our data (and, when we choose, the keys to unlock it) among many other users who participate in the same system; thus our NASes are constantly working, supporting the whole tech ecosystem. We have no way of knowing which encrypted Internet services are being worked on in this decentralized cloud, which is much more of a "cloud" than the early Dropbox ever was. In any event, if a blog of ours gets a lot more traffic than our NAS can handle, then if we have turned on blockchain integration, the traffic is assembled and served using many other machines—and we, of course, have to pay more into the system or else our users will experience bad old-fashioned server lag.

In a similar way, our social media data is served, and locked down, using our own NASes. The days of Facebook selling our private, proprietary data are long over; social media companies still have dossiers on you, but they aren't as thick, and they aren't informed by any private information.

Perhaps what really got the ball rolling was Edward Snowden in 2013 and others revealing that the NSA (and other government agencies) were listening in on pretty much everything you do online. Once Facebook repeatedly made it clear that they don't care one little bit about your privacy, and people started moving their social media data to their NASes, the usual suspects in government began to complain loudly that encryption prevented them from their mass surveillance. They didn't put it that way, of course, but that's what they were upset about. They really didn't like it when NAS companies made easy, turnkey drive encryption standard and started pushing and teaching two-factor authentication.

In any event, now that social media content is served from our NASes—with support from blockchain networks—your feed is constructed by pulling your data from literally all over, but incredibly fast, because requests can be fulfilled from many different machines, some of which are bound to be nearby.

There was a time when IoT (the Internet of Things) was regarded as not very viable, because people didn't want to buy objects that could be used to spy on them. NASes and the blockchain, again, changed all that. When open source NAS software came into existence proving that your IoT data was stored on your NAS and unlikely to leak out (or, no more than any other of your data), and that it was always routed using encryption, and when this data became possible to sell on the blockchain without compromising your personal security, the whole ecosystem just took off: that's when "secure, monetizable IoT data" became a thing. Even data from your car is routed through your NAS (not through the NSA) if everything is set up properly, so that the NSA and automobile manufacturers can't spy on you. Of course, in an emergency, your data is sent by the fastest (and less secure) route possible, but you always get a notice in that case.

In a lot of ways, the Internet is the same as it was in the 1990s and 2000s. But most websites store your information encrypted in the blockchain, and they know they have to interact via blockchain services if they want to do work on it securely—because nobody is willing, any longer, to expose their data if they don't have to.


Well, we can dream.


Are we becoming indifferent to freedom and democracy?

Originally posted December 19, 2015. Reposting. More relevant than ever.

I know, I know: That title sounds ridiculously click-baity. But if you'll look at my blog, you'll see that I don't really go in for click-bait titles.

Unfortunately, I mean it quite literally. It's an enormous problem that we aren't talking about enough. And I want to propose that one reason for it is a massive failure of civics education.

Support for democracy is declining. First, let's talk a bit about support for democracy—yes, democracy itself, as in voting for your leaders and representatives and holding them accountable in the arena of public debate. Only one in five Millennials aged 18 through 29 cast a ballot in the 2014 elections—the lowest youth voter turnout in 40 years, says the Atlantic.

As Vox recently asked, "Are Americans losing faith in democracy?" The article makes a series of points illustrating that Americans, especially younger Americans, are ignorant of and aren't engaging in American political life. The article's main source is a forthcoming paper by Roberto Foa and Yascha Mounk titled "The Democratic Disconnect," together with the World Values Survey. The writers summarized their own work in the New York Times last September.

Asked how much interest they have in politics (as Vox reports), Americans born in the 1930s said "very interested" or "somewhat interested" almost 80% of the time; for those born in the 1970s, the figure dropped to about 50%, and for those born in the 1980s, it was continuing to drop just as precipitously.

More sobering is the survey question about how essential it is to live in a democracy, rated from 1 to 10. The percentage of Americans responding "10," essential, has dropped from the 70% range for those born in 1930 down to the 30% range for those born in the 1980s. A 40% drop in support for democracy itself is a momentous generational change.

In case you think that's a mistake, compare that to a question asking whether "having a democratic political system" was a "bad" or "very bad" way to run the U.S.: while the percentage for those born in the 1950s and 60s hovered around 13%, for those born after 1970, in the surveys since 1995, the percentage rose from about 16% to over 20%.

Even openness to army rule—something we associate with banana republics—has climbed from 7% to 16% of all Americans.

Support for free speech in America is declining. This is incredibly important: the Pew Research Center found that 40% of American Millennials are OK with limiting speech offensive to minorities (up from 12% for seniors aged 70-87). A stunning 51% of Democrats want to make "hate speech" a criminal offense, and 37% of Republicans. If you have even a passing familiarity with First Amendment law, you'll know that these things are contrary to the First Amendment.

That is how it is possible—and not implausible—that 50 Yale students could sign a petition within an hour to repeal the First Amendment, as this video of Yalies showed:

What the video shows notwithstanding, Yalies are very smart. They can compare their attitudes toward offensive and hate speech with what they learned in their elite civics and history classes about the First Amendment, and infer that they're opposed to the First Amendment. If they're reasonably intelligent, self-aware, and honest with themselves, as some Yalies are, they'll recognize that their intolerance to certain kinds of speech commits them to an opposition to free speech.

The increasing hostility toward free speech among many of our future leaders at elite colleges like Yale has been frightening to many of us, and has sparked a national conversation—an example is here, summarizing some recent episodes and calling academe to return to free speech.

Here's a possible reason why: Civics education has been weak for years and recently declining even further. I don't pretend to know why support for democracy and free speech have been declining, but if our students for some generations have simply not been well educated about basic American civics, that must be part of the explanation.

In the National Assessment of Educational Progress—the "Nation's Report Card"—for 2014, only 23% of 8th graders scored at or above proficient in civics. While 39 states do require a course in American government or civics, only two states require students to pass a test in American government/civics to graduate from high school. As the Civics Education Initiative reports,

[T]he Civics Education Initiative...requires high school students, as a condition of graduation, take and pass a test based on questions from the United States Customs and Immigrations Services (USCIS) citizenship civics exam – the same test all new immigrants must take to become U.S. citizens.

To date, six states...have passed legislation implementing the Civics Education Initiative, with a goal of passage in all 50 states by September 17, 2017 – the 230th anniversary of the signing of the Constitution.

But, you wonder, if new immigrants have to pass this citizenship civics exam to get in the country, wouldn't American high schoolers be able to pass it? No. In studies, only 4% of high schoolers in Oklahoma and Arizona passed it.

The National Council for the Social Studies published a position statement summarizing the sobering truth: "Sadly, the narrowing of the curriculum that has occurred over the past several years combined with the scarce attention to civic learning in a number of state standards and assessment measures has had a devastating effect on schools' ability to provide high quality civic education to all students."

According to a 2011 study by the Intercollegiate Studies Institute, ignorance was not rectified at the college level:

beyond mere voting, a college degree does not encourage graduates to become actively engaged in more consequential aspects of the political process. Said another way, among persons with equal civic knowledge, those having earned a bachelors degree do not demonstrate any systematic and added political engagement beyond voting. ... A college degree appears to have the same negligible participatory impact as frequently listening to music, watching prime-time television, utilizing social networking sites, and emailing.

Knowledge of basic political facts among the general public is shockingly low. For example, only 40% of Americans surveyed in a recent survey by Pew knew which party controlled each house of Congress, and only about a third of Americans could even name the three branches of government.

Civics isn't easy, and political philosophy is even harder. But both are necessary. If this purported decline of commitment to the basic American system is real, and if it's rooted in poor civics education, it doesn't seem surprising to me.

For all the emphasis on reading and the massive, feature-rich language arts textbooks, American public school students don't have to read many books, period. Most of them are not prepared to read and comprehend the Constitution, much less the complex historical works such as The Federalist Papers, Common Sense, and Democracy in America that explain and defend the American system.

Education matters. It is likely that we will face more battles in higher education and, increasingly, in the public sphere over the necessity and advisability of maintaining robust democratic institutions and adherence to free speech. I fear that as we answer more and more attacks, reference to the Constitution and American political principles will not be sufficient. Part of the problem can be laid at Jefferson's doorstep, when he wrote, "We hold these truths to be self-evident." The fact is that they aren't self-evident, that philosophers have argued for and against them quite a bit, and in the years ahead, the better the pro-freedom side acquaints itself with those arguments, the better chance we'll have.


Vendors must start adding physical on/off switches to devices that can spy on us

Update (May 15, 2019): This post was linked and its author quoted as a source in this Fast Company article on the same subject.

Where's my webcam's off switch?

Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. When I thought I found one, but it turned out just to have a light that turns on when the camera is in use, and off when not—not a physical switch you can press or slide.

The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine.

But a cover doesn't cover up the microphone, which could be turned on without your knowledge. Oh, you think that's impossible? Here are some handy instructions. Or maybe you'll say you're not paranoid—it's not a serious problem? Don't be so naive, said the FBI seven years ago (they're worried about predators stalking children), and the Atlantic, and USA Today more recently. The issue isn't going away. With hacking skills growing more common, the problem has surely grown, if anything, more dire.

Another "clever" solution is to use a software off switch, like this (for Windows). But it simply turns your webcam's driver on and off. Of course, it's not too hard for a sufficiently skilled hacker to turn your driver back on and start recording you without your knowledge.

For USB devices, you can use a USB off switch like this, which seems like a good idea; but it doesn't solve the problem for devices with built-in cameras and microphones like laptops and smart phones.

The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

Do any computer cameras with "off" switches (not just covers) exist? They seem to be very rare at best, but I was able to find one: the company building a Linux phone, Purism, has a whole page devoted to the joys and wonders of its off switch—which is kind of ridiculous, if you think about it. The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

(By the way, I have absolutely no relationship to Purism. I write about them because their focus is privacy and I've been writing a lot about privacy.)

The kill switch on Purism's Librem laptop (c) Purism 2019

Your phone has the same problem, you know

Tape over the webcam? Covers to disable the functionality we paid for? Why on earth do we go to these lengths when hardware vendors could simply sell their products with off switches? The more I think about it, the more I find it utterly bizarre. Don't these companies care?

I've just been talking about webcams, but let's talk about the really horrible spy devices: your smart phone. Oh, your Android phone can't be hacked? Here are some handy video instructions, viewed over 300,000 times and upvoted 1,100 times. Surely not your iPhone? Don't be so confident; hackers are very creative, as (for example) the Daily Mail has reported, and besides, Apple is proud of its patent allowing remote control of iPhone cameras.

Besides, it's been known since at least 2014 that the NSA had developed, as early as 2008, software to remotely access anybody's phone.

And yet there isn't a hardware off switch for your phone's camera and microphone, short of turning the device entirely off (but there's an app to turn the camera off). A device equipped with a hardware "off" switch for the camera and microphone isn't yet on the market, as far as I know. Purism is making one.

It's not just your webcam and your phone that you need to worry about, by the way. Do you have a smart speaker? At least you can mute Amazon Echo's microphone, and it's apparently a hardware switch, too, so well done, Jeff Bezos. That's important, if true, because it prevents software exploits. I found no word on whether Google Home's and Apple HomePod's mute buttons are hardware switches; maybe not. How about a surveillance or doorbell camera? How about your smart TV? Those can be hacked too, of course, and some of them are always listening. Wouldn't it be nice to have the peace of mind that they aren't listening to you when you're not using the TV?

In short, what if you want to turn these devices' cameras and microphones off sometimes, for some perfectly legitimate reason? Can you do so in a trustworthy, hardware-based way? In most cases, for most devices, the answer is No.

Let's demand that hardware vendors build hardware "off" switches

It's almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don't make such switches. They certainly have deliberately made it hard for us to stop being spied upon—even though we're their customers. Think about that. We're their bread and butter, and we're increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That's just weird, isn't it? What the hell is going on?

But this, you might say, is both paranoid and unfair. Surely the vendors don't intend to spy on you. Why would they add an off switch when nobody will turn your camera and microphone on without your consent?

But, as I already said, it's a hard, cold fact that hackers and government and corporate spies can and sometimes do turn our cameras and microphones on without our consent. This isn't controversial and, for anybody who is slightly plugged-in, shouldn't be surprising. Security experts have known that, for many years, regardless of the intentions of hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat, the hardware, firmware, and software that run our devices just are susceptible to hacking. It's just a fact, and we are right to be concerned. So these companies are responsible for building and selling insecure systems. At a minimum, they could be made significantly more secure with a tiny bit of hardware: the humble "off" switch.

If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these companies are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven't been doing this duty.

It starts with us. We the consumers need to care more about our privacy and security. We're not powerless here. In fact, we could demand that they give us an off switch.

I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones—and any other devices with cameras and microphones that are connected to the Internet—be built with hardware "off" switches that make it impossible for the camera and microphone to be operated.

Do you agree?


How I chose a NAS

A network-attached storage (NAS) device is your own Internet server—your very own "cloud"! I decided to get one for my own reasons. But which, and configured how, exactly? Here's what I came up with for myself.


A NAS server (credit to Bin im Garten on Wikimedia Commons, CC by-sa 3.0)

After dropping Dropbox, and then ditching Resilio Sync, I decided to get a NAS. To pull this off, it seemed to me I had to answer the following questions:

  1. Type of server. Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS server instead?
  2. Server software. Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?
  3. NAS vendor. There are actually two-closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.
  4. RAID/drive configuration. This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?
  5. Beefiness. How much machine do I need?
  6. Drives. Which drives should I put into the NAS bays?

Answering these questions helped me decide which box I would purchase. But because these are some difficult-sounding and (to me) unfamiliar questions, I decided first to get to the nut of the issue. After all, I did already know why I wanted a NAS and what some of my requirements were.

I wanted a NAS (as I said) first and foremost as a replacement for Dropbox. I actually didn't have very much data in Dropbox; I had more (over 500 GB) on my hard drive, backed up to an external drive. If I felt I more confident about my data storage, backup, and long-term continuation strategies, I might digitize (or pay a kid to) a hell of a lot more of my data. (10 GB per DVD/Blu-Ray at ~200? disks = 2 TB. Could be doable!) So it might be a good idea to err on the side of lots of space.

But the thing that pushed me to a NAS solution, over syncing all my devices directly such as Resilio accomplishes, is the availability of lots of awesome personal cloud software, for things like calendar, contacts, and who knows, maybe even email. (I finally called my current mail hosting provider. They don't encrypt my mail on their servers. They can quite easily read my mail. I don't think they do, but I have to trust them. Sucks to have to trust them. But I will probably not try hosting my own email; that's really hard to get right.) Since Synology has so much decent software (so it appears; check out their packages list and demo), that eventually inclined me toward them. Any NAS should also let you install and run Nextcloud, which is open source and has a boatload of similar free software for your personal home server.

Now, if I was going to put mission-critical things like calendars (which need to be up-to-date!) and shared/collaborative documents on this server, then I should also have a sufficiently beefy and fast machine. (I also upgraded my Internet connection to the fastest home connection.) One of the differences between Synology and QNAS is that the latter is supposed to be stronger on hardware specs but weaker on software functionality (maybe). That was bothersome, because I wanted both to be awesome.

All right then—how did I answer the questions?

Type of server

Question: Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS device instead?

This one was easy to dispatch. It looked to me as if, supposing I tried to set up my own server, then running Nextcloud on it wouldn't be the hard part; running a good old-fashioned server would be. I'd have to make time to learn good old-fashioned server administration, which would be hard even if I ran FreeNAS, an open source operating system for self-built NASes. And even if I wanted to do that (server administration would be a cool skill to have), if I don't have to learn all that, because NASes solve all these problems for me, then I don't wanna.

Now, if I were still a poor student or a full time developer/engineer, maybe I'd be rolling my own. But since I can afford to let someone else do all the hard server setup work, I reasoned, I will.

So, I said, forget that noise. It's a NAS for me, period.

Server software

Question: Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?

When I first wrote the above questions, I was laboring under the false assumption that I would have to choose between the Nextcloud suite of server applications and whatever Synology or QNAP offered. But this is false. You can run both on the same NAS!

There are a number of guides online to installing Nextcloud on Synology and on QNAP. So if I want the functionality that Nextcloud offers, because Synology, QNAP, or any other NAS doesn't cut the mustard, then I can always do that.

My biggest misgiving, to be honest, is that companies like Synology and QNAP don't always seem to have the user's privacy foremost in mind, but they're better than most. (I found this discussion of the issue useful.) Certain apps and support might require that the vendor will have some access to your data. But this is the price you pay for not using free software; as far as I know, the only way to absolutely guarantee the privacy of your information is if you enjoy total ownership over your hardware and software. But in this case, it involves developing skills (server administration) that I just don't have time for these days. So I'll just have to be careful and conscientious in what information I give to the vendor, what I install, what privacy issues it has, etc.

Besides, I figured, I could always install and run NextCloud on the device, and that's open source. So maybe was OK.

As this was a question I didn't have to answer yet, I decided to kick it down the road.

NAS vendor

Question: There are actually two-closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.

This was the first question that I couldn't quickly gloss over. Given that I knew I'd be buying a NAS, it followed that I'd be buying a machine that is already set up with its own operating system and, in the cases I'm most interested in, support for the suite of cloud apps I'm after (actually pure Linux NAS systems are available, but strangely expensive).

I had a few desiderata here:

  • Must have strong privacy and security policies and practices. The biggest reason to get a NAS, for me, is to avoid the privacy and security issues associated with hosting my data in a shared public cloud like Dropbox. So the operating system had better not phone home, the way Windows and Mac do, and the software should generally have strong privacy practices. Strong plus if data encryption features and two-factor authentication are built in and automatic or easy to implement.
  • Must be fast and powerful enough for daily use. I'm not sure how powerful it has to be, and it certainly depends on my Internet connection. But the bottom line is that syncing should not take forever, I shouldn't have to constantly wait for things like calendar entries to update, chat apps shouldn't be laggy, photos should upload and download reasonably fast so my family and I can use the server, etc.
  • Software in the ecosystem must be feature-rich and easy-to-use. Assuming it makes sense to make generalizations about the software ecosystem of a vendor, the software should be advanced and "ready for prime time," or as much as possible. For example, the syncing software should enable me to restore old versions that were mistakenly deleted. I should be able to share files with fine-grained permissions. The office collaboration apps (Google Docs/Sheets replacement) should offer real-time updating without significant edit conflicts. Updating the system should be automatic, i.e., as easy as it is to update Ubuntu (more or less automatic, if that's what I want, as it happens to be).
  • Prefer good reputation and reviews. Specs count for a lot, but so do reviews and reputation.

There are, essentially, two top NAS vendors that everybody talks about: Synology and QNAP. There are other vendors, to be sure, including (not a complete list) Asustor, TerraMaster, Netgear, and WD. But Synology and QNAP seem to be the gold standard, and since I had no desire to spend many hours or days looking over the differences between all the others, I initially narrowed down my choice to these two.

In my travels around the Internet, I found that Synology is marketed and thought of as being a home solution for the average reasonably technical user—or perhaps just for anybody who values UX highly, regardless of skill level. (I don't really know.) It apparently has an emphasis on simplicity and usability—the demo linked above gives great evidence of that—but sometimes (so I read) at the expense of configurability or choice. Synology puts more money into software than hardware, according to one prolific NAS reviewer; for the same money, a Synology box has more usable software but less satisfying hardware stats and overall speed than QNAP.

QNAP is sometimes portrayed as being more of a solution for more technical users, for whatever that's worth. While both ecosystems are based on Linux (and therefore presumably very configurable at some level), QNAP is again reputedly more configurable and speedier. It also has more apps available—but the apps are also sometimes a bit dodgier, or so I read. All of that sounds like Linux to me, frankly; but QNAP is actually more often compared to Windows and Android. Whatever, such comparisons are surely of limited value.

On this limited basis, being on the techier side who likes configurability, I was initially inclined toward QNAP. But on second and third thoughts, I heard a lot of breathless praise for Synology and the quality of its apps, including from some very technical people. And after all, I really care about software quality. Synology advocates say that its software "just works"—hugely important. A random person on Reddit replied to me saying, "From personal experience I run both Synology and QNAP devices and have done for several years. Synology has more robust software, generally more stable and less security flaws. QNAP provides faster hardware for the same money."

Reddit commenters seem to be fairly evenly divided between the brands, and machines from both brands are similarly rated 4 to 4.5 stars on Amazon.

I decided in the end to go with Synology. Usability is key. But I'd probably be about as happy with QNAP.

RAID/drive configuration

Question: This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?

A few different technical observers have said that one should err on the side of many bays, and that two is a definite non-starter. Why? Because two bays won't give you enough space unless you use a no-RAID setup, and part of the beauty of a NAS is that it has RAID support built in. (RAID, in case you didn't know, is an acronym for "Redundant Array of Independent Disks," and it is the practice of mirroring, and otherwise intelligently managing, data across several disks. It isn't the same as backup, but it can save you from losing data, so it can be a useful part of an overall backup plan.)

On the other hand, I don't have that much data, to be honest. Since Synology is expandable, I didn't go crazy and get a hell of a lot more space than I need—just a lot more than I need. For my personal, family, and modest business needs, I decided to get a five-bay device (it would have been four bays, but a five-bay device had double the RAM) and put three 2 TB drives in it. According to Synology's RAID calculator, this gives me something less than 4 TB of usable space, which is a lot for me. If I really wanted to rip all my movies, I'd have more than enough room. I can always add more drives and increase the size of the drives, too.

As far as which RAID configuration to use, since I've decided to go with Synology, I didn't even need to think about which kind to use: I just went with the cool "Synology Hybrid Raid" (SHR) setup. I don't understand it very well myself, except that it's supposed to be better than traditional RAID configurations for most uses.

Beefiness

Question: How much machine do I need?

When I sat down to figure out "how much machine I need," assuming I was going to get a Synology with four (or five) bays, I asked the Synology subreddit for help and the respondents generally said to just go ahead and get the beefiest four-bay machine. It was well within my price range and good value for the money, a couple people said. I asked a related question on r/HomeServer, where the DIY geeks tried but failed to make me feel guilty for not building my own server. (I did learn that I should choose my forums more carefully, though; and that, indeed, I might want to build my own server eventually, or have my son do it for me.)

A higher-end machine seemed necessary if I wanted to support (a) several simultaneous connections, (b) non-laggy real-time collaborative editing, (c) video streaming (seems like a good idea if the device is capable of it), (d) several apps/server processes running simultaneously.

So I decided to get the option with the most powerful processor (quad core Intel) and most RAM without actually voiding the warranty, and that ended up being this one.

Drives

Almost done! Last question: Which drives should I put into the NAS bays?

I have absolutely nothing intelligent to say on this one. I'll just share my conclusions. There are two main brands and models touted for NAS devices: Seagate IronWolf and Western Digital Red. Mostly because someone at Micro Center recommended them, I went with the SeaGate IronWolf. You can also choose the slower or faster versions; I got the faster-rated "Pro" version because disk access speed might actually improve the speed of response from my NAS when I'm out and about.

Conclusion

Wish me luck. The NAS and drives should arrive next week, and then I'll look forward to installing them on my network. I'll be getting a new router, too. (You should have a fast, secure, and modern router for a NAS, I gather, but I won't bore you with my ruminations on that.) All of that shouldn't take long. Rather longer will be the installation of the many and various NAS apps (and corresponding mobile apps) I'll need, along with the upgrading of my contacts, calendar, and of course my file sync program. The longest part of that process will probably be the actual copying of data from my computer's drives to the NAS. Hopefully, I won't have too much trouble converting my data folders, now associated with Resilio Sync (and earlier, with Dropbox) to whatever the Synology app I use on my computers and phone.

Another necessary step will be to do setup a zero-knowledge cloud backup—one that is strictly a backup, with no sync, no file access, no nothing but encrypted data storage. Should be fairly cheap (much cheaper than syncing services like Dropbox).

And another thing: I'll have to really lock down the NAS, since so much important info will be on it. Fortunately, Synology does have a lot of tools for doing that.

And another: I might want to route all outbound traffic from my NAS through a VPN. That's possible. (You can also use the NAS itself as a VPN node, but I'm not sure why, if you've already got a VPN to use; maybe a reader can tell me.)

What about the fun stuff? Well, in the very near future, I look forward to being able to do all this:

  • Delete all Google Docs I own; host my own real time collaborative documents. All of the Google Docs and Sheets I own, I'm moving to the corresponding Synology app on my own server. As far as I've been able to ascertain, the functionality is pretty much identical. I can't necessarily expect my work colleagues to stop using Google Docs, so I won't be able to rid myself of my Google account completely, but I will be able to get rid of most of my dependency on it. (There's still YouTube, though. I'm still all in, there.) But the cool part of course is that the documents I edit in real time will live right there on my own machines, in a private network I can open up to whomever I want.
  • Delete Google contacts. Completely delete all my contacts from Google, because I'll have them in a single central copy on my NAS (but with redundant copies on my devices).
  • Delete Gmail archive and set up Gmail vacation message. Since that was the main thing I was waiting for before rendering my Gmail account nonfunctional, I'll then make sure I have a local copy of all my Gmail archive, then delete all my old mails from Google servers. Then, finally, set up a "email me at my new address" on Gmail, something I've sort of been putting off until getting completely ready to separate myself from Gmail (not just my ongoing personal mail use, but all data archives, too).
  • Move Gcal data to Synology Calendar. I'm still using Gcal because I haven't had a privacy-respecting cloud solution. Soon, I will. Finally I'll be telling my colleagues to put my appointments invites on my own calendar on nas.sanger.io or—why not—just send me a mail and I'll add it myself. We've gotten so used to dealing with automatic invites that we've forgotten how stupid simple adding an appointment is by hand yourself. Hardly any time at all.
  • Stop using Slack for family chatting; start using chatting on our family server. Even if Papa is on the other side of the world, we'll be able to connect to each other via the same server that's right at home. My wife won't worry (as she does) that someone at Slack (or some hacker) is watching over our shoulders, since the whole encrypted chat takes place via our own server.
  • Keep my password manager datafiles in sync. I've had trouble with this ever since switching to Resilio and trying to use a single datafile shared by all instances. Instead, now I'll be able to use Synology's (and Enpass's) support for the WebDAV standard to keep the datafiles in sync. Yay!
  • Share pix with family like Dropbox, listen to streaming music, audiobooks, and podcasts like Pandora, and watch ripped streaming videos from anywhere like Netflix. Seriously, Synology even designed their video player's UX like Netflix's. So if I do decide to rip all those DVDs, I'll be able to watch videos that were formerly on a shelf in my living room while I'm unwinding after a speech far, far away. We can also stream the videos through the NAS straight to the TV, which is also cool. After this, I might not buy any more physical disks; I might just go ahead and buy digital all the way and stream stuff, assuming I don't have to deal with DRM headaches.
  • Maybe set up a Mastodon instance. That would be a great option, previously not available to me (or, not entirely controlled by me), for a new social media experiment I can use with my former Facebook friends.
  • Maybe get some security cameras. I wouldn't have done it before for the simple reason that I don't want the data online, as it would be. But if I can host the data myself, maybe it's OK.

Of course, there's a huge caveat: if it works as advertised. We'll see!


There are no NPCs

International travel drives home that insight that, contrary to a put-down used by immature people, and consistent with Jordan Peterson's frequent observation that our biographies are all fascinating, there are no NPCs in the world: the variety of human experience is stunning.

Yesterday I was delayed (here in Tokyo) by a long, long queue of pretty young Japanese women, all dressed exactly alike (black skirt, white blouse). I was told they had been interviewing for jobs. When I asked why they dressed all alike, I was told simply "Japanese culture." I instantly imagined someone watching the parade of future businesswomen and thinking of them as interchangeable drones, or movie extras, or "NPCs." But I am incapable of viewing them that way.

These ladies were not "NPCs." Each had her own story; the perspective of each would, upon sufficient examination, be fascinating. The fact that they were dressed alike, while perhaps odd to Westerners like myself, is meaningless when it comes to their real individuality.

If the error of racism is dehumanization, its opposite is to look past apparent, reductive commonalities to what is unique, contextualized, and valuable in each of us. And that ultimately comes down to our minds—to how we think things through. I don't mean just our thought processes, but also the many products thereof, including our culture: philosophy, religion, musical tastes, how we conduct ourselves, our fundamental values. These things you must be capable of considering and tolerating, not necessarily supporting. I mean conversation of the sort that friends have, in which, while there might be some give and take and even occasional harshness, there is both sympathy, if not for position, then for common humanity, and a sincere desire to comprehend a point of view.

No one can claim to be enlightened (or "woke") on issues of race, gender, etc., if they are capable of dismissing whole classes of other people. The problem of prejudice has as its root an inability to consider others as individuals. And you can't claim to be tolerant if you are incapable of enjoying, without disgust, a conversation with a very different person, even a person with features you dislike or disagree with. (Of course you can't expect to like everything about everyone.)

So let me ask some hard questions.

  • Democrats: are you capable of having such a conversation with Republicans? Republicans, can you talk seriously with Democrats without giving up in disgust?
  • Committed feminists and men's rights activists, could you talk to each other without quitting in horror? I don't mean you have to tolerate abuse (I don't); but if they're just saying stuff you dislike, but politely, can you handle it?
  • Socialists, could you have a beer with a libertarian? Libertarians, will the thought that the person you're boozing with would love for you to be taxed at 70% (or whatever) permanently turn you off?

Etc., etc.

Even better, can you look past your disagreements and see lovely things about the other person?

You are intolerant, you are bigoted, if you are incapable of these sorts of conversations. Sorry to be harsh, but it's an important truth a lot of people seem not to realize, and they need to start doing so.

I doubt anybody really disagrees with me, too. I'd be fascinated to hear if anybody did. Many of us just need to grow a little more, and get off our high horses, and our social and political discourse could be radically improved.

How about it?


Cloud smackdown: NAS vs. Resilio Sync vs. Zero-Knowledge Cloud!

In my ongoing effort to lock down my cyber-life, I jettisoned Dropbox three weeks ago, and I'm quite happy I did.

But I'm not done with the reconfiguration. So, if you have the patience and credulity, you may listen in while an amateur deliberates about the choices...

People more expert about this stuff than I am: please review my various claims here for accuracy. I must thank a gentleman who gave excellent feedback and corrections on my VPN post from a month ago.

Why Resilio Sync isn't working out for me

As I explained in an update, the solution I went with—Resilio Sync plus backup to an external drive—had some drawbacks that were unexpectedly annoying. Foremost among these is the fact that Sync isn't a "set it and forget it" technology, i.e., you have to think about and maintain the state of your syncitude, since your devices have to be on at the same time (and Sync has to be working on both/all of them). Also annoying is having to rely heavily on traditional backup, because if God forbid you should delete something inadvertently, your deletion will propagate among your devices (if they're all on at the same time—entirely possible). I've had to use Dropbox's "restore" feature before; I figure it's only so long before I have to restore something from my backup, and what happens if my backup program's restore feature is screwed up or very hard to use? Oy.

These problems are annoying, but not horrible. However, I definitively decided that I had made the wrong choice when I discovered that Sync has no easy way (that I can find) to support the syncing of contacts, passwords, calendars, bookmarks, and text editor settings. Sure, you can sync a data file, but insofar as this same data file (i.e., identical copies of it) must interact correctly with software on each of your systems, then unless the software is specially and carefully written to work with an independent datafile that works the same on all your systems (I think Sublime Text is OK here), you should let your local copy of the software update its own copy of its datafile. This is one of those technical issues that sounds very abstruse, but which poses very real, concrete problems when the rubber meets the road.

The problem, essentially, is that you need to let your software (browser, password manager, calendar, or text editor) handle its own syncing via the cloud. There are two ways in which software can do this for you: (1) you use a cloud you pay for, like Dropbox (e.g., Enpass supports Dropbox syncing), or (2) you use the software vendor's cloud/server, as email syncs via IMAP with your mail host, which you must trust, or as Chrome and Firefox do with bookmarks, and as Apple does with your contacts and calendar. Boo! Hiss! I'd rather handle this myself and avoid the privacy/security risks, if I can.

Your very own cloud server: a NAS

Well...having decided I'm going back to the drawing board on a cloud/device syncing solution, I recalled that NAS devices solve this general problem very neatly. NAS means "network-attached storage," and it means basically your very own personal cloud server. It's an actual box that lives in your home or office, but it's also on the Internet, so you can access it from anywhere. It's not a traditional desktop computer; it's a server. With a NAS, when you sync your devices, they don't all have to be on, because they sync via the NAS, which is always on (but don't worry, it doesn't use much energy). If you ever have to restore your files, the NAS makes it easy without the trouble or worry of having to interact with fiddly backup software. In other words, "file restoration" is built in to the NAS's syncing software—an "undo" button for inadvertent deletion.

NASes (especially the Synology brand) come with a whole raft of software for syncing particular types of data that work with different apps, like calendars (oh joy! Finally, a plausible replacement for Gcal!), address books, passwords (using WebDAV), and more. This is a decided advantage over Resilio Sync, which simply doesn't offer such solutions.

NAS devices also support cloud-based collaborative document editing—basically, they replace Google Docs. It's insane what a NAS can do for you: not just syncing documents and data, not just collaborative document editing, but also (these are all available Synology packages/apps)

  • calendar (replaces Gcal and Apple calendar via iCloud)
  • contacts/address book (CardDav; replaces various)
  • chat (replaces Facebook Messenger, Slack, and Telegram; includes end-to-end encryption)
  • your own frickin' mail server if you're brave enough
  • photo sharing (replaces Instagram, Facebook, or whatever you use to share pictures with your family and friends)
  • Discourse (host your own web forum)
  • Apache and support for various programming languages like Java, Node.js, PHP, Ruby, as well as databases; i.e., make your NAS an actual, fully-functional web server
  • Redmine (project management and ticketing system; replaces Zendesk, Pivotal Tracker, Jira, Trello, Asana)
  • multiple options for blog, CMS, and wiki systems
  • video hosting and podcasting
  • VPN (i.e., turn your NAS into a VPN node)
  • Git and Git Server (put your code on your own Git server instead of using Github or Gitlab; handy if you have totally private projects)
  • built-in backup for the NAS

In short, just think of all the computing functions you farm out to the Internet just because you want something "always available from anywhere using a brower." Well, pretty much all of those services can be had via your own NAS, and a sizeable company (Synology) supports the software.

Now, I'm not saying these apps are as good as the ones available to you from the professionals. Your NAS is not likely to be as fast or as reliable as your current web host. But (a) it's yours, and (b) you don't have to worry about the prying eyes of corporate workers, or about hackers attacking the big corporate data honeypots (they might take a crack at your NAS if they think its defenses are poor, though).

Wait, what about zero-knowledge cloud services?

Oh, you thought I had forgotten about zero-knowledge cloud services, like Sync.com, Spider Oak, Pcloud (my son threatened to use this one himself because he didn't like Resilio Sync), and others?

I started out thinking these were good options, but in retrospect I see they don't hold a candle to NASes. They specialize in being always-on, reliable, and secure cloud sync/backup options. And that's good. The problem, however, is that there are an awful lot of cloud services we rely on that put you and your data in the same boat as Dropbox. And even if you don't need to host your own website or your own mail server, which is admittedly going a bit far, there are very sound reasons at least to want to host your own contacts, passwords, calendar, and so on.

I looked at the features offered by Sync.com, Spider Oak, and Pcloud, and while they seem to nail the traditional Dropbox feature set (which is good!), they don't support the other cloud features I'm anxious to have. One of the next items on my lock-down "to do" list is to finally replace Gcal and Apple Contacts, and to delete my calendar and contacts from Google. I just hate the idea of leaving these problems unsolved. My ambition is to completely divorce my data and habits from Google, Apple, and Microsoft products. I don't see how I can do that without either trusting somebody else, or running my own server. Since zero-knowledge cloud services are so underdeveloped at present—and if I were an investor, I'd put money into that, as it strikes me as a potentially huge growth industry—the only option left is a NAS.

Some final reasonable considerations

Let's take a step back and get reasonable, now.

What is the main concern motivating these deliberations? Not just concern about privacy, but a refusal to entrust sensitive information to corporations that are, essentially, black boxes to me. But maybe I can just accept some risk here. Isn't that reasonable?

Well, I wouldn't be where I am if I was prepared to answer "yes. " My sense of the thing is that having massive amounts of valuable data sitting right in their servers ends up being too much of a temptation to a lot of companies, and they can craft and interpret their privacy policies in a clever enough way to escape much legal risk. And even if I could trust their privacy practices, the many and growing number of security breaches means my data isn't safe.

I also don't like the direction that both government surveillance and authoritarian, paternalistic corporate cultures are moving in; while I don't expect the secret police to bust down the door anytime soon, or the remaining Big Tech companies I have relationships with to cut me off, it's a definite plus to cut ties with these institutions which have become so corrupt.

I admit my motivations are partly (perhaps only a small part) political. I'd like to lead a revitalized, individualistic civil society in a better direction, help support the ecosystem of privacy-respecting companies, and poke snoops, spooks, hackers, and authoritarians in the eye.

All that said, I don't expect others to think about this the way I do. We all have our paths to walk.

As for myself, I've concluded I will get a NAS after all. Wish me luck with the installation and configuration!


Gay activists and Hollywood liberals vs. traditional Muslims vs. free speech liberals

Here's a richly ironic slice of our strange, sad old world in 2019.

Ellen Degeneres is (quite rightly) protesting the Sultan of Brunei for introducing the death penalty (stoning to death) for gay sex. He's also executing people for adultery, but Ellen doesn't mention that:

https://twitter.com/TheEllenShow/status/1113177461276082177

To this, a reply was posted by an account, "Jihyo" (apparently, the name of a Kpop singer), who claims to be a Demi Lovato fan and medical student, and who writes various pro-Muslim comments. The reply was:

This is a Sharia law in Islam. And lgbt is never okay. I am an educated person & a medical student. In gynecology, urology & dermatology departments, we often get gay patients with terrible diagnoses. They always come with complaints relate to their sexual activities.
(I'm not embedding this because it repeats that Ellen tweet also might well be removed anytime by Twitter. But that's just a cut-and-paste quote of what "Jihyo" wrote.)

In the ensuing war of words, which you can easily imagine if you don't look for yourself, "Jihyo" is taken to task for being "cruel and inhumane," for being not in the "21st century," an "offensive agitator" and "nasty," etc.

One person more seriously responds that "there is no religious justification for this punishment." This is an interesting formulation: does the person mean that no religions cite any justification for stoning gays to death, or that no such religious justification would succeed if attempted?

For their part, the Sultan, his people (who perhaps understandably do not criticize his policies), and this "Jihyo" clearly disagree with both interpretations, as do many other Muslim countries, including Saudi Arabia, Iran, Sudan, Afghanistan, northern Nigeria, Yemen, and others. All have the death penalty for gay sex.

So now we have the interesting spectacle of Ellen, along with reliably progressive celebrities like George Clooney and Elton John, criticizing the Sultan of Brunei for a policy that they might or might not realize is already practiced in the most devoutly Muslim countries of the world.

And, interestingly, nobody is calling them "Islamophobic."

Well, why the hell not? Shouldn't they be called Islamophobic? What gives? If a conservative, or Allah forbid an alt-right conservative, were to dwell for long on the precise same facts about the modern Islamic world, if they were to call traditional Muslims "cruel and inhumane," not in the "21st century," an "offensive agitator" and "nasty," etc., then what would happen to them? Well, the U.K., Canada, Austria (probably all of the E.U.), and other countries do criminalize criticism of Islam—whether such laws should, in fairness, apply to Ellen's criticisms of Muslims seems unclear.

The weird unresolved tensions and rich ironies on display here are no doubt what caught the attention of a Paul Joseph Watson, who has worked for Alex Jones' Infowars for many years. Once, he called himself a member of the "alt right," before the term became much more clearly associated with fascism. He is, whatever else he is, an avowed foe of the left. Earlier today he posted an article on the kerfuffle titled, "LGBT vs Islam (Choose Your Fighter)," and wryly observed, "This one isn’t going to end well, is it?"

But is it only erstwhile "alt right" people like Watson, and free speech zealots like me, who observe the ironies involved here? Of course not. Old-fashioned Bill Maher could be counted on to notice the weirdness, too. He criticized Clooney for proposing a boycott of the Beverly Hills Hotel: "What about Saudi Arabia? If you really want to get back at them, stop driving or using oil."

Gay conservative Andrew Sullivan made some well-placed observations on Maher's show as well: "The nice thing about a free society is that you can have a political life and then you can have your actual life. Not everything has to be political." He added, "We shouldn't be dictating our lives by religion, according to the dictates of wokeness. It kills the vitality of a free society."

Sadly, this hullabaloo will all probably disappear in a week's time. Brunei will start executing gays, just like Saudi Arabia. Gay activists will go back to making common intersectional cause with Muslims from countries where those same gay friends would be executed. After a few years, self-righteous (but strangely unreflective) Hollywood progressives will once again start checking in at the Beverly Hills Hotel. Europeans and Canadians will keep enforcing blasphemy laws against Islamophobes who criticize Islam, even when such unwoke cretins are criticizing Islam for executing homosexuals—as long as the cretins aren't too powerful and aligned with the left, of course. Then it's OK. Then they're not Islamophobes.

Attempting to make sense of all this, the beautiful people will placidly declare that they "contain multitudes." Life will likely go on much as before.


Until this year, when I decided to lock down my cyber-life and reformed how I use social media, instead of writing the above, I would have just posted some snide remarks on Facebook or Twitter. But since I've quit Facebook and don't use Twitter except in service of media I have some control over, i.e., Everipedia and this blog, now I have to consider whether the issue is worth making a whole blog post over. In this case, I thought so.


Zuckerberg Is Wrong: Don't Regulate Our Content

Last Sunday, Mark Zuckerberg made another Facebook strategy post. (This is his second major policy post in as many months. I responded to his March 6 missive as well.) Unsurprisingly, it was a disaster.

I want to shake him by his lapels and say, "Mark! Mark! Wrong way! Stop going that way! We don't want more snooping and regulation by giant, superpowerful organizations like yours and the U.S. government! We want less!"

He says he has spent two years focused on "issues like harmful content, elections integrity and privacy." If these have been the focuses of someone who is making motions to regulate the Internet, it's a good idea to stop and think a bit about each one. They are a mixed bag, at best.

1. Zuckerberg's concerns

Concern #1: "Harmful content"

Zuckerberg's glib gloss on "harmful content" is "terrorist propaganda, hate speech and more." Applying the modifier "harmful" to "content" is something done mainly by media regulators, giant corporations like Facebook, and the social justice left. Those of us who still care about free speech—and I think that's most of us—find the phrase not a little chilling.

Let's be reasonable, though. Sure, on the one hand, we can agree that groups using social media to organize dangerously violent terrorism, or child pornography, or other literally harmful and illegal activity, for example, should be shut down. And few people would have an issue with Facebook removing "hate speech" in the sense of the KKK, Stormfront, and other openly and viciously racist outfits. That sort of thing was routinely ousted from more polite areas of the Internet long ago, and relegated to the backwaters. That's OK with me. Reasonable and intellectually tolerant moderation is nothing new.

On the other hand, while all of that can perhaps be called "harmful content," the problem is how vague the phrase is. How far beyond such categories of more uncontroversially "harmful" content might it extend? It does a tiny bit of harm if someone tells a small lie; is that "harmful content"? Who knows? What if someone shares a conservative meme? That's sure to seem harmful to a large minority of the population. Is that a target? Why not progressive memes, then? Tech thought leaders like Kara Swisher would ban Ben Shapiro from YouTube, if she could; no doubt she finds Shapiro deeply harmful. Is he fair game? How about "hateful" atheist criticisms of Christianity—surely that's OK? But how about similarly "hateful" atheist criticisms of Islam? Is the one, but not the other, "harmful content"?

This isn't just a throwaway rhetorical point. It's deeply important to think about and get right, if we're going to use such loaded phrases as "harmful content" seriously, unironically, and especially if there is policymaking involved.

The problem is that the sorts of people who use phrases like "harmful content" constantly dodge these important questions. We can't trust them. We don't know how far they would go, if given a chance. Indeed, anyone with much experience debating can recognize instantly that the reason someone would use this sort of squishy phraseology is precisely because it is vague. Its vagueness enables the motte-and-bailey strategy: there's an easily-defended "motte" (tower keep) of literally harmful, illegal speech, on the one hand, but the partisans using this strategy really want to do their fighting in the "bailey" (courtyard) which is riskier but offers potential gains. Calling them both "harmful content" enables them to dishonestly advance repressive policies under a false cover.

"Hate speech" functions in a similar way. Here the motte is appallingly, strongly, openly bigoted speech, which virtually everyone would agree is awful. But we've heard more and more about hate speech in recent years because of the speech in the bailey that is under attack: traditional conservative and libertarian positions and speakers that enfuriate progressives. Radicals call them "racists" and their speech "hate speech," but without any substantiation.

It immediately raises a red flag when one of the most powerful men in the world blithely uses such phraseology without so much as a nod to its vagueness. Indeed, it is unacceptably vague.

Concern #2: Elections integrity

The reason we are supposed to be concerned about "elections integrity," as one has heard ad nauseam from mainstream media sources in the last couple years, is that Russia caused Trump to be elected by manipulating social media. This always struck me as being a bizarre claim. It is a widely-accepted fact that some Russians thought it was a good use of a few million dollars to inject even more noise (not all of it in Trump's favor) into the 2016 election by starting political groups and spreading political memes. I never found this particularly alarming, because I know how the Internet works: everybody is trying to persuade everybody, and a few million dollars from cash-strapped Russians is really obviously no more than shouting in the wind. What is the serious, fair-minded case that it even could have had any effect on the election? Are they so diabolically effective at propaganda to influence elections that, with a small budget, they can actually throw it one way or another? And if so, don't you think that people with similar magically effective knowhow would be on the payroll of the two most powerful political parties in the world?

Concern #3: Privacy

As to privacy—one of my hobby horses of late—Zuckerberg's concern is mainly one of self-preservation. After all, this is the guy who admitted that he called you and me, who trusted him with so much of our personal information, "dumb f--ks" for doing so. This is a guy who has built his business by selling your privacy to the highest bidder, without proposing any new business model. (Maybe they can make enough through kickbacks from the NSA, which must appreciate how Facebook acts as an unencrypted mass surveillance arm.)

Mark Zuckerberg has absolutely no credibility on this issue, even when describing his company's own plans.

He came out last month with what he doubtless wanted to appear to be a "come-to-Jesus moment" about privacy, saying that Facebook will develop the ultimate privacy app: secret, secured private chatting! Oh, joy! Just what I was missing (um?) and always wanted! But even that little bit (which is a very little bit) was too much to hope for: he said that maybe Facebook wouldn't allow total, strong, end-to-end encryption, because that would mean they couldn't "work with law enforcement."

The fact, as we'll see, that he wants the government to set privacy rules means that he still doesn't care about your privacy, for all his protestations.

Zuckerberg's declared motives are dodgy-to-laughable. But given his recommendation—that the government start systematically regulating the Internet—you shouldn't have expected anything different.

2. Mark Zuckerberg wants the government to censor you, so he doesn't have to.

Zuckerberg wants to regulate the Internet

In his previous missive, Zuckerberg gave some lame, half-hearted ideas about what Facebook itself would do to shore up Facebook's poor reputation for information privacy and security. Not so this time. This time, he wants government to take action: "I believe we need a more active role for governments and regulators." But remember, American law strives for fairness, so these wouldn't be special regulations just for Facebook. They would be regulations for the entire Internet.

"From what I've learned," Zuckerberg declares, "I believe we need new regulation in four areas: harmful content, election integrity, privacy and data portability."

When Zuckerberg calls for regulation of the Internet, he doesn't discuss hardware—servers and routers and fiber-optic cables, etc. He means content on the Internet. When it comes to "harmful content and election integrity," he clearly means some harmful and spurious content that has appeared on, e.g., Facebook. When he talks about "privacy and data portability," he means the privacy and portability of your content.

So let's not mince words: to regulate the Internet in these four areas is tantamount to regulating content, i.e., expression of ideas. That suggests, of course, that we should be on our guard against First Amendment violations. It is one thing for Facebook to remove (just for example) videos from conservative commentators like black female Trump supporters Diamond and Silk, which Facebook moderators called "unsafe." It's quite another thing for the federal government to do such a thing.

Zuckerberg wants actual government censorship

Now, before you accuse me of misrepresenting Zuckerberg, look at what his article says. It says, "I believe we need a more active role for governments and regulators," and in "four areas" in particular. The first-listed area is "harmful content." So Zuckerberg isn't saying, here, that it is Facebook that needs to shore up its defenses against harmful content. Rather, he is saying, here, that governments and regulators need to take action on harmful content. "That means deciding what counts as terrorist propaganda, hate speech and more." And more.

He even brags that Facebook is "working with governments, including French officials, on ensuring the effectiveness of content review systems." Oh, no doubt government officials will be only too happy to "ensure" that "content review systems" are "effective."

Now, in the United States, terrorist propaganda is already arguably against the law, although some regret that free speech concerns are keeping us from going far enough. Even there, we are right to move slowly and carefully, because a too-broad definition of "terrorist propaganda" might well put principled, honest, and nonviolent left- and right-wing opinionizing in the crosshairs of politically-motivated prosecutors.

But "deciding what counts as...hate speech" is a matter for U.S. law? Perhaps Zuckerberg should have finished his degree at Harvard, because he seems not to have learned that hate speech is unregulated under U.S. law, because of a little thing called the First Amendment to the U.S. Constitution. As recently as 2017, the Supreme Court unanimously struck down a "disparagement clause" in patent law which had said that trademarks may not "disparage...or bring...into contemp[t] or disrepute" any "persons, living or dead." This is widely regarded as demonstrating that there is no hate speech exception to the First Amendment. As the opinion says,

Speech that demeans on the basis of race, ethnicity, gender, religion, age, disability, or any other similar ground is hateful; but the proudest boast of our free speech jurisprudence is that we protect the freedom to express “the thought that we hate.” 

The trouble with the phrase "hate speech" lies in both the ambiguity and the vagueness of the word "hate" itself. "Hate speech" in its core sense (this is the motte) is speech that is motivated by the speaker's own bigoted hatred, but in an ancillary sense (this is the bailey), it means speech that we hate, because in our possibly incorrect opinion we think it is motivated by bigotry (but maybe it isn't). The phrase "hate speech" is also vague and useless because hate comes in degrees, with shifting objects. If I am irritated by Albanians and very mildly diss them, am I guilty of hate speech? Maybe. Jews? Almost certainly. What about white male southerners? Well, what's the answer there? And what if I really strongly hate a group that it is popular to hate, e.g., rapists?

There's much more to be said about this phrase, but here's the point. If government and regulators took Zuckerberg's call for hate speech legislation to heart, what rules would they use? Wouldn't they, quite naturally, shift according to political and religious sentiments? Wouldn't such regulations become a dangerous political football? Would there be any way to ensure it applies fairly across groups—bearing in mind that there is also a Fourteenth Amendment that legally requires such fairness? Surely we don't want the U.S. legal system subject to the same sort of spectacle that besets Canada and the U.K., in which people are prosecuted for criticizing some groups, while very similar criticism of other, unprotected groups goes unpunished?

But precisely that is, presumably, what Zuckerberg wants to happen. He doesn't want to be responsible for shutting down the likes of Diamond and Silk, or Ben Shapiro. That, he has discovered, is an extremely unpopular move; but he's deeply concerned about hate speech; so he would much rather the government do it.

If you want to say I'm not being fair to Zuckerberg or to those who want hate speech laws in the U.S., that of course you wouldn't dream of shutting down mainstream conservatives like this, I point you back to the motte and bailey. We, staunch defenders of free speech, can't trust you. We know about motte and bailey tactics. We know that, if not you, then plenty of your left-wing allies in government and media—who knows, maybe Kara Swisher—would advocate for government shutting down Ben Shapiro. That would be a win. The strategy is clear: find the edgiest thing he has said, label it "hate speech," and use it to argue that he poses a danger to others on the platform, so he should be deplatformed. Or just make an example of a few others like him. That might be enough for the much-desired chilling effect.

Even if you were to come out with an admirably clear and limited definition of "hate speech," which does not include mainstream conservatives and which would include some "hateful," extreme left-wing speech, that wouldn't help much. If the government adopted such "reasonable" regulations, it would be cold comfort. Once the cow has left the barn, once any hate speech law is passed, it's all too easy for someone to make subtle redefinitions of key terms to allow for viewpoint censorship. Then it's only a matter of time.

It's sad that it has come to this—that one of the most powerful Americans in the world suggests that we use the awesome power of law and government to regulate speech, to shut down "hate speech," a fundamentally obscure weasel word that can, ultimately, be used to shut down any speech we dislike—which after all is why the word is used. It's sad not only that this is what he has suggested, but that I have to point it out, and that it seems transgressive to, well, defend free speech. But very well then, I'll be transgressive; I'd say that those who agree with me now have an obligation to be transgressive in just this way.

We can only hope that, with Facebook executives heading for the exits and Facebook widely criticized, Zuckerberg's entirely wrongheaded call for (more) censorship will be ignored by federal and state governments. Don't count on it, though.

But maybe, censorship should be privatized

Facebook is also, Zuckerberg says, "creating an independent body so people can appeal our decisions." This is probably a legal ploy to avoid taking responsibility for censorship decisions, which would make it possible to regulate Facebook as a publisher, not just a platform. Of course, if the DMCA were replaced by some new regulatory framework, then Facebook might not have to give up control, because under the new framework, viewpoint censorship might not make them into publishers.

Of course, whether in the hands of a super-powerful central committee such as Zuckerberg is building, a giant corporation, or the government, we can expect censorship decisions to be highly politicized, to create an elite of censors and rank-and-file thought police to keep us plebs in line. Just imagine if all of the many conservative pages and individuals temporarily blocked or permanently banned by Facebook had to satisfy some third party tribunal.

One idea is for third-party bodies [i.e., not just one for Facebook] to set standards governing the distribution of harmful content and measure companies against those standards. Regulation could set baselines for what's prohibited and require companies to build systems for keeping harmful content to a bare minimum.

Facebook already publishes transparency reports on how effectively we're removing harmful content. I believe every major Internet service should do this quarterly, because it's just as important as financial reporting. Once we understand the prevalence of harmful content, we can see which companies are improving and where we should set the baselines.

There's a word for such "third-party bodies": censors.

The wording is stunning. He's concerned about "the distribution" of content and wants judged "measured" against some "standards." He wants content he disapproves of not just blocked, but kept to a "bare minimum." He wants to be "effective" in "removing harmful content." He really wants to "understand the prevalence of harmful content."

This is not the language that someone who genuinely cares about "the freedom for people to express themselves" would use.

3. The rest of the document

I'm going to cover the rest of the document much more briefly, because it's less important.

Zuckerberg favors regulations to create "common standards for verifying political actors," i.e., if you want to engage in political activity, you'll have to register with Facebook. This is all very vague, though. What behavior, exactly, is going to be caught in the net that's being weaved here? Zuckerberg worries that "divisive political issues" are the target of "attempted interference." Well, yes—well spotted there, political issues sure can be divisive! But it isn't their divisiveness that Facebook or other platforms should try to regulate; it is the "interference" by foreign government actors. What that means precisely, I really wonder.

Zuckerberg's third point is that we need a "globally harmonized framework" for "effective privacy and data protection." Well, that's music to my ears. But it's certainly rich, the very notion that the world's biggest violator of privacy, indeed the guy whose violations are perhaps the single biggest cause of widespread concern about privacy, wants privacy rights protected.

He wants privacy rights protected the way he wants free speech protected. I wouldn't believe him.

Zuckerberg's final point is another that you might think would make me happy: "regulation should guarantee the principle of data portability."

Well. No. Code should guarantee data portability. Regulation shouldn't guarantee any such thing. I don't trust governments, in the pockets of "experts" in the pay of giant corporations, to settle the rules according to which data is "portable." They might, just for instance, write the rules in such a way that gives governments a back door into what should be entirely private data.

Beware social media giants bearing gifts.

And portability, while nice, is not the point. Of course Zuckerberg is OK with the portability of data, i.e., allowing people to more easily move it from one vendor to another. But that's a technical detail of convenience. What matters, rather, is whether I own my data and serve it myself to my subscribers, according to rules that I and they mutually agree on.

But that is something that Zuckerberg specifically can't agree to, because he's already told you that he wants "hate speech and more" to be regulated. By the government or by third party censors.

You can't have it both ways, Zuckerberg. Which is it going to be: data ownership that protects unfettered free speech, or censorship that ultimately forbids data ownership?